On Mon, Jan 24, 2022 at 06:50:51PM +0100, Claudio Jeker wrote:
> > Requiring any content to be present (and the file's calculated digest to
> > match with the hash listed on the Manifest) might pose a problem with
> > our --exclude/--include rsync filter: files of unknown type are not
> > downloaded.
>
> Yes, this is an open issue that I have no great solution right now.
> Another issue is that these files are not moved to valid/ so a run
> with -n will fail on the MFT because the file is not present. I try to
> figure out a solution for these issues. Maybe it is enough to just
> ignore invalid non-existing files in proc_parser_mft_check().
I think the decision tree should be made as following:
1/ If a manifest contains a filename that is invalid according to
draft-ietf-sidrops-6486bis, reject the entire manifest. For example if
a filename contains two periods ('..'): Death sentence for that
CARepository.
2/ If a manifest contains a valid filename, which however is of a type
that rpki-client does not recognize: just 'skip over' that specific
entry. Unsupported filetypes can be recognized through their extension.
The referenced file is unlikely to be present in the incoming rsync
directory anyway; because of the --exclude/--include filters.
Forward compatibility is the objective.
Kind regards,
Job
